Hacker News

I think this is absolutely correct, which is why I believe the days when we can count on macOS having the ability to execute non-sandboxed applications are numbered. I think in hindsight apps that have already made the transition to the App Store (or were designed for it) will be at a tremendous advantage over the ones that either aren't adopting that model or have left it.

Google has an even greater advantage than Apple here because they became fully invested in sandboxing much earlier (the browser).



Chromium's sandbox's main innovation was shoehorning Windows' permission model into a sandbox without having to modify the operating system. It's a masterpiece, don't get me wrong, but it doesn't transfer well to establishing good sandboxes on other platforms. Chromium's macOS sandbox just uses the one built into the OS and the Linux one doesn't leverage the effort put into the Windows variant either (though there is no need to anyway).

That said, the fact that Apple's sandbox relies on inserting a full Lisp implementation into the kernel has always rubbed me the wrong way. I'm not sure if anybody is very good at this yet.
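As an added illustration of what that profile language looks like (an example written for this page, not code from the thread or from Apple): a deny-by-default profile for the legacy `sandbox-exec` tool. The rule names follow Apple's Seatbelt profile language (a Scheme dialect evaluated by the sandbox); the paths and the target command are assumptions chosen for the demonstration.

```scheme
;; restricted.sb: deny everything, then allow only what a read-only
;; directory listing needs. Profile language is Apple's Seatbelt;
;; the paths below are assumed for this example.
(version 1)
(deny default)

;; Shared libraries and frameworks the target binary loads at startup.
(allow file-read* (subpath "/usr/lib") (subpath "/System/Library"))
(allow file-read-metadata)

;; The one directory this run is permitted to read.
(allow file-read* (subpath "/usr/share"))

;; Let the wrapped process execute /bin/ls itself, and nothing else.
(allow process-exec (literal "/bin/ls"))

;; sysctl reads are needed for basic libc initialisation.
(allow sysctl-read)
```

Running `sandbox-exec -f restricted.sb /bin/ls /usr/share` lists the permitted directory, while `sandbox-exec -f restricted.sb /bin/ls /Users` fails with "Operation not permitted" because no rule covers that path. `sandbox-exec` is deprecated but still shipped; the same `(deny default)` plus explicit allow pattern is what App Store entitlements express in a more restricted form, and denials show up in the unified log, which is the first place to look when tightening a profile.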


I disagree, I think Apple will always have the option. The recent iMac Pro comes with an option to disable verified boot entirely.


There's definitely room for both; for example, a developer mode that requires physical intervention, tripping a fuse, or complicated instructions that prevent 95-99% of users from ever looking into it.

